With the arrival of the Christmas holidays, the retail sector is preparing to face its most crucial shopping season of the year. The months from November to January represent a fundamental period for increasing sales, thanks to events such as Black Friday, Christmas shopping and end-of-season sales, and the growth of online shopping has further intensified this phenomenon. However, alongside the economic benefits come cyber security risks. Companies in the sector handle huge amounts of sensitive consumer data, including information on payments and loyalty programs, which makes them prime targets for hackers.
In this scenario, Verizon's Data Breach Investigations Report (DBIR) 2024 analyzes the major security breaches that threaten retail companies, focusing on the most common attack techniques and the data compromised.
The numbers of the Data Breach Investigations Report 2024
The report examined over 725 cyber attacks on retail companies, of which 369 resulted in the theft of sensitive information. According to Verizon, 92% of breaches in retail were caused by targeted attacks that exploited vulnerabilities in systems, mainly through three techniques: system intrusions, social engineering and web application attacks. In most cases, these attacks were perpetrated by actors external to the companies (96%), for mainly financial reasons (99%).
One of the most significant findings of the report concerns the evolution of social engineering techniques: pretexting, a more sophisticated form of deception, has overtaken phishing as the primary method of gaining access to sensitive data. Pretexting involves using a convincing pretext to trick victims into providing private information, such as login credentials or sensitive details.
What data gets stolen: Credentials top the list
Despite the traditional attention paid to credit card data, the Verizon report highlights that login credentials were the most frequently compromised data, involved in 38% of the attacks. This was followed by the theft of more sensitive data (31%) and payment information (25%). These numbers clearly show a change in the priorities of hackers, who are now focusing more on direct access to accounts than on traditional theft of banking data.
The threat of Denial of Service (DoS)
Another growing risk for retail companies is Denial of Service (DoS) attacks. These attacks, while not always resulting in actual data breaches, can cause significant disruptions to online services. During seasonal traffic peaks, such as those that occur during the Christmas period, these attacks can have devastating repercussions, compromising the operation of the platforms and causing huge economic losses.
Investing in Cyber Security
Faced with these threats, retail companies must increase their investments in cyber security, starting with the training of their employees and the updating of IT solutions, which are often obsolete. Cyber breaches not only cause direct losses related to data theft, but also damage the brand's reputation. Consumers' perceived safety is now a determining factor for the success of companies, especially in a context where trust is fundamental.